Authentication Certificate term papers point out that most information security technology is currently based on Secure Sockets Layer (SSL), which is designed to encrypt messages in the browser before they are sent to the server, to prevent them from being violated during transmission. At the server level, SSL decrypts the message and verifies that it came from the correct sender in an authentication process that compares encoded cipher keys contained in a certificate. This software should be equipped to detect tampering or damage to the information during transit, before it actually arrives at the server.
A digital certificate is somewhat like a credit card that establishes the credentials of participants doing business or other transactions on the Internet. It contains the holder’s name, a serial number, an expiration date, a copy of the certificate holder’s public key (used for encrypting messages and for digital signatures), and the digital signature of the certificate-issuing authority. The actual information included on the certificate itself is not complex and is sometimes little more than the email address of the certificate administrator (CA). Certificate administrators (CAs) are usually large, well-established organizations that are successful in digital encryption technology, such as AT&T, GTE and VeriSign.
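To make the role of the issuer's signature concrete, the following added example (not part of the term paper) builds a toy certificate with the fields listed above and checks it the way a relying party would. The CA key is textbook RSA over two small Mersenne primes, and every field name and sample value is constructed for illustration; real certificates use X.509 with far larger keys and padded signatures.

```python
import hashlib
from datetime import date

# Toy CA key: textbook RSA over two small Mersenne primes (illustration only).
CA_P, CA_Q, CA_E = 2**31 - 1, 2**61 - 1, 65537
CA_N = CA_P * CA_Q
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))  # private exponent, held by the CA

# Constructed sample fields mirroring the list above; all values are made up.
SAMPLE_FIELDS = {
    "name": "shop.example",
    "serial": "1001",
    "expires": "2030-12-31",
    "public_key": "holder-public-key-placeholder",
    "issuer": "Example CA",
}

def digest(fields):
    """Hash a canonical encoding of the fields and reduce it into the toy modulus."""
    blob = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % CA_N

def issue(fields):
    """CA side: sign the field digest with the private exponent."""
    return {"fields": dict(fields), "signature": pow(digest(fields), CA_D, CA_N)}

def verify(cert, today):
    """Relying-party side: check the CA signature first, then the expiration date."""
    if pow(cert["signature"], CA_E, CA_N) != digest(cert["fields"]):
        return "bad signature"
    if date.fromisoformat(cert["fields"]["expires"]) < today:
        return "expired"
    return "ok"

def demo():
    cert = issue(SAMPLE_FIELDS)
    # A public key altered after issuance no longer matches the CA's signature.
    altered = {"fields": {**cert["fields"], "public_key": "substituted-key"},
               "signature": cert["signature"]}
    return (verify(cert, date(2025, 1, 1)),
            verify(altered, date(2025, 1, 1)),
            verify(cert, date(2031, 1, 1)))

if __name__ == "__main__":
    print(demo())
```

The signature covers every field, so changing any one of them (not only the public key) makes verification fail without access to the CA's private exponent.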
SSL systems currently offer both 40-bit and 128-bit encryption technology for certification, with the 128-bit system being the more difficult for an intruder to break, since it permits 3.4 × 10^38 possible keys. A more recently developed SSL system, available for deployment only within the United States, has 168-bit encryption. Since the Internet is functionally a global network, communications outside of the United States are constrained to operate at the lowest common global denominator of the 40-bit encryption system. This significantly heightens the risk of intrusion at all levels of e-commerce.